.TH "failsafe_context" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
.SH "NAME"
failsafe_context \- The SELinux fail safe context configuration file
.
.SH "DESCRIPTION"
The
.I failsafe_context
file allows SELinux-aware applications such as
.BR PAM "(8) "
to obtain a known valid login context for an administrator if no valid default entries can be found elsewhere.
.sp
.BR selinux_failsafe_context_path "(3) "
will return the active policy path to this file. The default failsafe context file is:
.RS
.I /etc/selinux/{SELINUXTYPE}/contexts/failsafe_context
.RE
.sp
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
.sp
The following functions read this file from the active policy path if they cannot obtain a default context:
.br
.RS
.BR get_default_context "(3) "
.br
.BR get_ordered_context_list "(3) "
.br
.BR get_ordered_context_list_with_level "(3) "
.br
.BR get_default_context_with_level "(3) "
.br
.BR get_default_context_with_role "(3) "
.br
.BR get_default_context_with_rolelevel "(3) "
.br
.BR query_user_context "(3) "
.br
.BR manual_user_enter_context "(3) "
.RE
.
.SH "FILE FORMAT"
The file consists of a single line entry as follows:
.RS
\fIrole\fB:\fItype\fR[\fB:\fIrange\fR]
.RE
.sp
Where:
.RS
.I role
.I type
.I range
.RS
A role, type and optional range (for MCS/MLS), separated by colons (:) to form a valid login process context for an administrator to access the system.
.RE
.RE
.
.SH "EXAMPLE"
# ./contexts/failsafe_context
.br
unconfined_r:unconfined_t:s0
.
.SH "SEE ALSO"
.ad l
.nh
.BR selinux "(8), " selinux_failsafe_context_path "(3), " PAM "(8), " selinux_default_type_path "(3), " get_default_context "(3), " get_ordered_context_list "(3), " get_ordered_context_list_with_level "(3), " get_default_context_with_level "(3), " get_default_context_with_role "(3), " get_default_context_with_rolelevel "(3), " query_user_context "(3), " manual_user_enter_context "(3), " selinux_config "(5) "
